CVE-2016-9717
MEDIUMIBM InfoSphere Master Data Management 10.1-11.6 - HTTP Parameter Override via Duplicated Parameters
Title source: llmDescription
HTTP Parameter Override is identified in the IBM Infosphere Master Data Management (MDM) 10.1. 11.0. 11.3, 11.4, 11.5, and 11.6 product. It enables attackers by exposing the presence of duplicated parameters which may produce an anomalous behavior in the application that can be potentially exploited.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/100074
Patch, Vendor Advisory x_refsource_confirm
http://www.ibm.com/support/docview.wss?uid=swg22006605
VDB Entry, Vendor Advisory x_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/119730
Scores
CVSS v3
6.5
EPSS
0.0112
EPSS Percentile
62.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-20
Status
published
Products (14)
IBM/InfoSphere Master Data Management
10.1
IBM/InfoSphere Master Data Management
10.1.0
IBM/InfoSphere Master Data Management
11.0
IBM/InfoSphere Master Data Management
11.0.0
IBM/InfoSphere Master Data Management
11.3
IBM/InfoSphere Master Data Management
11.4
IBM/InfoSphere Master Data Management
11.5
IBM/InfoSphere Master Data Management
11.6
ibm/infosphere_master_data_management_server
10.1
ibm/infosphere_master_data_management_server
11.0
... and 4 more
Published
Jul 31, 2017
Tracked Since
Feb 18, 2026